As an Information Security GRC Specialist, you will play a critical role in Western Digital s information security risk management program.
You will a key member of Western Digital s technology and security compliance programs that meet industry standards, regulatory requirements, and organizational objectives. You will lead Information Security Third Party Risk Program - develop robust risk management strategies, insightful metrics, and drive operational excellence. You will collaborate with cross-functional teams, providing expert technology risk guidance and analysis to enhance our information security posture and ensure compliance with industry standards and regulations.
Key Responsibilities
- Serve as leader and owner of the Third-Party Risk Program in support of WD information security and business objectives.
- Lead process analysis and improvement to ensure that efficiency and effectiveness of Third-Party Risk program, create and refine summaries, reports, KRI/KPI's and governance documentation associated with the Third-Party Security Program.
- Conduct technical security assessments of third-party vendor and services to ensure systems, networks, operations, business processes, and applications, information risks are identified and managed.
- Work with business units and the legal team to define security requirements and standards for third-party contracts.
- Collaborate across the organization to document and identify risk mitigation measures associated with third parties, including identifying back-up third parties, strength and/or maturity of the company, and other crucial factors.
- Act as a point of contact for internal and external auditors on 3rd party related audits for Technology, Security, Disaster Recovery related diligence.
- Develop and drive implementation of effective risk management strategies to mitigate identified risks, ensuring alignment with industry best practices and regulatory requirements.
- Analyze security data to identify trends, vulnerabilities, and areas for improvement.
- Collaborate with internal and external auditors to facilitate security audits and assessments.
- Collaborate across the organization to ensure the integration of risk management practices into organizational processes and projects.
- Stay current with industry trends, emerging threats, and best practices for information security and risk management.
